Tag Archives: malware

The Media Trust & ExchangeWire Release Global Malware Study

Today ExchangeWire released the first global study of the perceptions of malware and malvertising in the digital advertising ecosystem. The research and accompanying report were created in partnership with The Media Trust, the world’s leading media verification, malware protection, and advertising quality assurance platform.

The results will be revealed and discussed later today at an event in London later today.

From the Forward:

The digital advertising ecosystem is in a state of crisis, with many questioning its security. Each week bears witness to another media story regarding malware-laden ads infecting devices to cause harm to consumers. The presence of malware in the digital environment is no longer a topic relegated to advertising professionals – it’s become a mainstream and global issue.

Each year the number of ad-delivered malware infections increases, with The Media Trust detecting a year-over-year doubling in growth for the past several years. Clearly, malware is not new, which presents an interesting question: What do digital advertising professionals think about malware?

This study provides insight into the opinions of agencies, ad tech providers and publishers across several of the world’s largest publishing markets. In general, most are aware of the malvertising risks in their environments and almost everyone agrees it’s on the rise. However, there are some surprising results, and several opinions do not correlate with industry data:

• 50%+ believe malware is less of a problem on mobile

• US and UK publishers feel malware is a bigger issue for ecommerce than publisher/media websites

• Industry professionals believe 72% of malware exists on non-premium sites

• 20% of publishers believe their websites’ are safe from the constant threat of malware

You can download the full report here: Malware Report.

Online Advertising Fraudsters Turn to ‘Ad-Injection’ Scams

I’m not sure if it’s the Baader-Meinhof Syndrome taking effect now that I’m working with The Media Trust but it sure seems like we’re seeing an increasing number of general media stories about malware and other attacks spread through ad-based vectors. This weekend we had Pagefair, an ad-blocker remover, unwittingly serve as a distributor of malware to over 500 sites and now this story in WSJ.
I fear it’s going to get a lot worse before it gets a lot better and we’ll see some pretty big names dragged through the dirt because of it.

The online ad industry has yet another scam to contend with, and this time it’s publishers bearing the brunt instead of marketers.
The industry is already fighting an ongoing battle against “bots,” computer programs that disguise themselves as real users to defraud advertisers. But now fraud detection companies say there’s a growing threat from “ad injection,” whereby Web users’ browsers are commandeered and ads are stuffed into sites without publishers’ permission.

Source: Online Advertising Fraudsters Turn to ‘Ad-Injection’ Scams

The Scrap Value of a Hacked PC, Revisited — Krebs on Security

As I continue to dig into the dark and murky world of malware and madvertising I am discovering some pretty cool stuff. Here’s a great diagram of all the things that nefarious individuals can do once they gain access to your computer — even a basic web-browsing and email-checking one.

Source: The Scrap Value of a Hacked PC, Revisited — Krebs on Security

From his post:

One of the ideas I tried to get across with this image is that nearly every aspect of a hacked computer and a user’s online life can be and has been commoditized. If it has value and can be resold, you can be sure there is a service or product offered in the cybercriminal underground to monetize it. I haven’t yet found an exception to this rule.

I definitely recommend Brian Krebs’ site if you’re interested in this stuff. He’s kind of a (somewhat nerdy) badass.

Malvertising campaign found on Google Adwords

As I’ve started to dive into the dark world of malvertising and malware, it’s incredible to see how both widespread and endemic the issue is and, at the same time, how little the main stream press covers it and how unaware large publishers are about the problem.

Even Googles popular advertising service isnt secure from cybercrooks

Source: Malvertising campaign found on Google Adwords

A Start-Up With a Way to Filter Botnet Traffic Gets Funding – NYTimes.com

News that White Hat has revived $7M in funding says a bit more about their press profile and media presence than it does about the ingenuity of their underlying tech. I don’t see anything particularly new or ground breaking here.

Perhaps this piece in nyt (blog) gets the tech wrong, but a solution reliant even partially on flash would appear to fatally flawed. White Hat aren’t the first to offer such a service and others do it without relying on a bloated, outdated, and increasingly blocked technology.

Why all the attention to this company? Why now?

A Start-Up With a Way to Filter Botnet Traffic Gets Funding – NYTimes.com.